diff options
| author | Borislav Petkov <bp@suse.de> | 2022-01-27 12:56:25 +0100 |
|---|---|---|
| committer | Borislav Petkov <bp@suse.de> | 2022-04-04 10:17:03 +0200 |
| commit | 76ea0025a214cdf0d2c204f4c21cbffa9fb57c32 (patch) | |
| tree | 643870c8255bf50443d394dec8d148e786b77de9 /arch/x86/mm/setup_nx.c | |
| parent | 385d2ae0a1b5efacb30e13a0f0e521490441d9bb (diff) | |
| download | linux-76ea0025a214cdf0d2c204f4c21cbffa9fb57c32.tar.gz linux-76ea0025a214cdf0d2c204f4c21cbffa9fb57c32.tar.bz2 linux-76ea0025a214cdf0d2c204f4c21cbffa9fb57c32.zip | |
x86/cpu: Remove "noexec"
It doesn't make any sense to disable non-executable mappings -
security-wise or else.
So rip out that switch and move the remaining code into setup.c and
delete setup_nx.c
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220127115626.14179-6-bp@alien8.de
Diffstat (limited to 'arch/x86/mm/setup_nx.c')
| -rw-r--r-- | arch/x86/mm/setup_nx.c | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c deleted file mode 100644 index ed5667f5169f..000000000000 --- a/arch/x86/mm/setup_nx.c +++ /dev/null @@ -1,62 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -#include <linux/spinlock.h> -#include <linux/errno.h> -#include <linux/init.h> -#include <linux/pgtable.h> - -#include <asm/proto.h> -#include <asm/cpufeature.h> - -static int disable_nx; - -/* - * noexec = on|off - * - * Control non-executable mappings for processes. - * - * on Enable - * off Disable - */ -static int __init noexec_setup(char *str) -{ - if (!str) - return -EINVAL; - if (!strncmp(str, "on", 2)) { - disable_nx = 0; - } else if (!strncmp(str, "off", 3)) { - disable_nx = 1; - } - x86_configure_nx(); - return 0; -} -early_param("noexec", noexec_setup); - -void x86_configure_nx(void) -{ - if (boot_cpu_has(X86_FEATURE_NX) && !disable_nx) - __supported_pte_mask |= _PAGE_NX; - else - __supported_pte_mask &= ~_PAGE_NX; -} - -void __init x86_report_nx(void) -{ - if (!boot_cpu_has(X86_FEATURE_NX)) { - printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " - "missing in CPU!\n"); - } else { -#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) - if (disable_nx) { - printk(KERN_INFO "NX (Execute Disable) protection: " - "disabled by kernel command line option\n"); - } else { - printk(KERN_INFO "NX (Execute Disable) protection: " - "active\n"); - } -#else - /* 32bit non-PAE kernel, NX cannot be used */ - printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " - "cannot be enabled: non-PAE kernel!\n"); -#endif - } -} |